Mon-Thu 09:00-18:00 | Fri 09:00-17:00

4000% rise in cybersecurity breaches for UK pension schemes

An article in Pensions Age reported research from law firm RPC revealed a 4000% rise in data breach reports to the Information Commissioners Office (ICO) in the year to June 2023. As a result, pension scheme trustees have been urged to remain mindful of cybersecurity risks and ensure their customer’s data is stored safely and securely.

UK pension schemes reported the biggest-ever rise in cybersecurity breaches, increasing from six in 2021/22 to 246 in 2022/23. Such a significant rise clearly demonstrates the very real threat faced by trustees and scheme members. The report found that UK financial services firms reported 640 cybersecurity breaches to the ICO in the year to June 2023. This is nearly three times the amount reported in the previous period which was just 187, and represents a 242% increase in cyber-attacks leading to breaches.

Pension schemes could be a big target for hackers as they hold a lot of valuable information, such as sensitive financial data and personal details, which could put pensioners at risk of ransom demands and phishing attacks. They also hold significant assets for many individuals.

Image of a red warning symbol and the words 'hacked' over a laptop keyboard. Cybersecurity image concept.

The Capita data breach could affect more than one million UK pension holders

These concerns follow Capita data breach, which occurred earlier this year when a number of major pension schemes were affected. Capita is one of the UK’s biggest outsourcing and professional services companies, and they suffered two significant data breaches in 2023. Capita administers the pension funds for over 450 pension providers in the UK, including the Royal Mail, Axa, PwC, Marks and Spencer, and the Universities Superannuation Scheme (USS), which is the main pension fund for universities in the UK, to and many other large firms.

The attack prompted The Pensions Regulator (TPR) to write to more than 300 pension funds, advising them to check whether their data had been affected by the breach and stolen by hackers. It is believed over a million UK pension holders could be at risk due to this cybersecurity incident.

Some of the affected pension schemes include:

  • Universities Superannuation Scheme (USS)
  • Unilever
  • Marks and Spencer
  • PwC
  • Royal Mail
  • Rothesay
  • BAE Systems
  • Diageo
  • Mineworkers Pension Scheme
  • Capita

In a statement on their website published on 12 May 2023, The Pensions Regulator said:

“As trustees, you are responsible for the security of your members’ data. If you use Capita’s services, you should check whether your pension scheme’s data could be affected. Make sure you keep communicating with Capita as the situation evolves.”

During the breaches, data that could have been stolen by hackers includes titles, initial(s), full names, date of birth, National Insurance number, pension fund member number, and retirement date. Some organisations reported that passport photos, bank account details, home addresses and phone numbers could also have been breached.

To find out more about the Capita data breach and whether you may have been affected, read our blog: Capita data breaches 2023: Everything you need to know.

A picture of an elderly person working out an equation on a calculator sat behind a table with a pot full of coins that says 'pension' on it next to them.

The Pensions Regulator’s current guidance 

In 2018, The Pensions Regulator set out its cybersecurity principles for trustees to follow in terms of their response to growing cybersecurity threats. These principles have not been updated since, despite the changes to the cyber security landscape at that time. Given the increase in cyber security threats to the pension industry, many have called for The Pensions Regulator to go further than its current guidance in this area and provide greater guidance to trustees and scheme managers.

RPC partner and head of cyber and tech insurance, Richard Breavington, argued that cybersecurity is “fundamental to pension scheme trustees’ legal duties”, warning that pension scheme trustees can be liable for failure to manage cyber risk appropriately.

They also pointed out that as per The Pension Regulators cybersecurity guidance, trustees are accountable for the security of scheme information and assets even when outsourcing day-to-day functions.

Due to the nature of the information held by pension schemes, if a hacker gained access to this, it could put many people at risk of things such as phishing scams, fraud, financial loss and reputational damage. Having your personal data stolen or exposed can be incredibly difficult for an individual and cause worry, stress and further psychological damage on top of the potential financial losses or reputational damage you may experience. As a result, those who have been victims of a data breach could be entitled to claim compensation.

HNK Solicitors can help with your data breach claim 

HNK Solicitors has a team of dedicated data breach solicitors with detailed knowledge of the relevant laws and regulations around data protection. We have many years of experience helping clients obtain compensation after their personal data has been breached. You’re entitled to compensation for the distress caused as well as any damages you have suffered as a result.

Get in touch with our team today on 0151 668 0814 or enquiries@hnksolicitors.com. Alternatively, fill in the contact form on our data breach protection claims page, and we’ll be in touch to arrange your free consultation, where we can discuss the details of your case and let you know if we can take on your claim on a no-win, no-fee basis.


Related Posts

Get in touch

Fill out the below form and one of our advisors will get in touch to arrange a consultation about your claim.

Recent Articles

Policeman and police motorcycle behind cordon tape at an accident or crime scene
Can I claim against the police?
March 22, 2024
Image of a person's legs lying on the floor next to a car. Car accident concept image.
HNK recover £99,700 for claimant injured during an attempted robbery on his vehicle
March 7, 2024
Photograph of two British transport police officers stood inside a train station.
Kent Police officer jailed for six months for inappropriate relationship with suspect
March 7, 2024
Call Us Claim Now